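Vulnerability Details
Disclosure status:
2012-09-11: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2012-10-26: The vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
nmap showed quite a few open HTTP ports. I tried them one by one and found an admin backend page with no administrator authentication at all.
A quick test showed that the site content can be modified directly...
No technical difficulty here; purely a management mistake.
Ops folks, please never cut corners.
Detailed description: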
Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-10 20:45 中国标准时间
Nmap scan report for www.7road.com (113.107.111.147)
Host is up (0.20s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 6.0
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: \xB5\xDA\xC6\xDF\xB4\xF3\xB5\xC0\xBF\xC6\xBC\xBC\xD3\xD0\xCF\xDE\xB9\xAB\xCB\xBE
8008/tcp open http Microsoft IIS httpd 6.0
|_http-title: Error
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
8009/tcp open http Microsoft IIS httpd 6.0
|_http-title: Error
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
8086/tcp open http Microsoft IIS httpd 6.0
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: \xE4\xB8\xBB\xE9\xA1\xB5
8089/tcp open http Microsoft IIS httpd 6.0
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: LogOn
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 266.37 seconds
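Of these, 8086 is an admin backend address with no authentication of any kind.
Proof of vulnerability:
Fix:
Fix?
1. Disable the backend;
2. Add authentication to the backend;
3. Keep the backend on the internal network and do not expose it publicly;
And so on.
Copyright notice: please credit the source when reposting: oneof@WooYun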
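An added example, not part of the original report: a triage script operators can run over nmap output from a scan of their own hosts, listing HTTP services on non-public ports whose page title does not look like a login or error page, which is how the backend on 8086 stands out above. The sample lines are constructed to mirror the scan; `PUBLIC_PORTS` and `GATED_HINTS` are assumptions, and a flagged port still needs a manual authentication check.

```python
import re

# Constructed sample shaped like the scan above; it references no real host.
SAMPLE = r"""
PORT     STATE SERVICE VERSION
80/tcp   open  http    Microsoft IIS httpd 6.0
|_http-title: Example Corp
8008/tcp open  http    Microsoft IIS httpd 6.0
|_http-title: Error
8086/tcp open  http    Microsoft IIS httpd 6.0
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: \xE4\xB8\xBB\xE9\xA1\xB5
8089/tcp open  http    Microsoft IIS httpd 6.0
|_http-title: LogOn
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
TITLE_RE = re.compile(r"^\|_?\s*http-title:\s*(.*)$")
PUBLIC_PORTS = {80, 443}  # assumption: ports meant to serve the public site
GATED_HINTS = ("logon", "login", "sign in", "error", "401", "403")  # assumption

def decode_title(raw):
    """Turn nmap's \\xNN escapes back into text (try UTF-8, then GBK)."""
    data = re.sub(rb"\\x([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]),
                  raw.encode("latin-1", "replace"))
    for enc in ("utf-8", "gbk"):
        try:
            return data.decode(enc)
        except UnicodeDecodeError:
            pass
    return raw

def parse_http_services(text):
    """Return {port: title} for every open HTTP service in nmap normal output."""
    services, port = {}, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            port = int(m.group(1)) if "http" in m.group(2) else None
            if port is not None:
                services[port] = ""  # stays empty if no http-title follows
        elif port is not None and (t := TITLE_RE.match(line)):
            services[port] = decode_title(t.group(1).strip())
    return services

def needs_auth_review(services):
    """Non-public HTTP ports whose title does not look like a login or error page."""
    return sorted(p for p, title in services.items()
                  if p not in PUBLIC_PORTS
                  and not any(h in title.lower() for h in GATED_HINTS))
```

On the sample, `needs_auth_review(parse_http_services(SAMPLE))` returns `[8086]`: the title decodes to 主页 ("home page"), served on a non-public port with no login prompt.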
Vulnerability Response
Vendor response:
Unable to contact the vendor, or the vendor actively refused


